Insufficient scope to call API.Required: ltiv1p3:ags:readlineitem

Stéphane.M.173
Stéphane.M.173 Posts: 3 🔍
in Development

Hello,

I'm trying to manage grades in BrightSpace using a LTI Advantage 1.3 tool connecting to our in house software. I had success registering the app, deploying it, login, accessing course and user info using this as a base :

https://github.com/ikovac/lti-tool-example

Now I want to access AGS (Assignment and Grade Services).

I used this resource to do build my tool : https://community.d2l.com/brightspace/kb/articles/23752-assignments-and-grades-services-extension-with-lti-1-3

The ID token returns this :

'https://purl.imsglobal.org/spec/lti-ags/claim/endpoint': {
scope: [
'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly',
'https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly',
'https://purl.imsglobal.org/spec/lti-ags/scope/score'
],
lineitems: 'https://DOMAIN.brightspace.com/d2l/api/lti/ags/2.0/deployment/UUID/orgunit/266002/lineitems'
},

So, I try accessing 'https://DOMAIN.brightspace.com/d2l/api/lti/ags/2.0/deployment/UUID/orgunit/266002/lineitems' using the ID token information, but it returns a 403 Error : "{ Errors: [ {Message: "Insufficient scope to call API.Required: ltiv1p3:ags:readlineitem"} ] }"

I tried setting up the Oauth scopes using the procedure explained in https://community.d2l.com/brightspace/discussion/2124/adding-course-content-through-api-calls, but it doesn't seem to work for LTI as well as with the API. I can't add "ltiv1p3:ags:readlineitem" to the scope: it won't save the config. I can add scopes defined here ( https://docs.valence.desire2learn.com/http-scopestable.html ), but it doesn't fix my issue.

Also, I can't find the "Can be graded in Grades" in the "Roles and Permissions", as mentioned in the doc above.

What needs to be done to manage grades using a LTI 1.3 tool ?

Best regards,

Stéphane

PS : some resources I consulted, among others :

  • https://community.d2l.com/brightspace/discussion/6060/problem-with-third-party-integration-lti-advantage-and-oauth-2-0-authentication
  • https://community.auth0.com/t/insufficient-scope-but-my-token-contains-required-permissions/33710
  • https://www.imsglobal.org/spec/lti/v1p3
Tagged:
· Share on Twitter

Answers

  • Sreelakshmi.N.546
    Sreelakshmi.N.546 Posts: 105

    Hi Stephane,

    Thank you for reaching out to us through Community!

    The scopes that you mentioned were already right and should be working.

    Since you still receive the error, we recommend that you please open a support ticket with us, including the details of how the scopes were defined in your app and screenshots or a video recording of the issue if available.

    This helps us to investigate the issue further and help answer your query.

    Thanks

    Sreelakshmi

    · Share on Twitter
  • Stéphane.M.173
    Stéphane.M.173 Posts: 3 🔍

    Hi Sreelakshmi,

    Thanks for getting back to me. I would be happy to provide you with all details required to fix the issue. To this end, I need more information though.

    Which "scopes already right which should be working" are you referring to exactly ? Are they the Oauth 2 ones or the LTI ones (extensions) ? The current Oauth2 scopes I currently defined in "Cog > Manage extensibility > Oauth 2.0 > My App" are :

    • content:module:read
    • enrollment:orgunit:read
    • groups:group:read
    • organizations:organization:read
    • orgunits:course:read
    • sections:section:read
    • users:userdata:read

    When I try to add "ltiv1p3:ags:readlineitem" it says that an error occurred.

    Best regards,

    Stéphane

    · Share on Twitter

Categories